
Commit ba00100

committed
WIP Entra External Auth for ADO
1 parent 1cc51b0 commit ba00100


1 file changed

+19
-18
lines changed


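--- a/coderd/externalauth/externalauth.go
+++ b/coderd/externalauth/externalauth.go
@@ -698,12 +698,9 @@ func jfrogArtifactoryDefaults(config *codersdk.ExternalAuthConfig) codersdk.Exte
 
 var staticDefaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.ExternalAuthConfig{
 codersdk.EnhancedExternalAuthProviderAzureDevops: {
-AuthURL: "https://app.vssps.visualstudio.com/oauth2/authorize",
-TokenURL: "https://app.vssps.visualstudio.com/oauth2/token",
 DisplayName: "Azure DevOps",
 DisplayIcon: "/icon/azure-devops.svg",
 Regex: `^(https?://)?dev\.azure\.com(/.*)?$`,
-Scopes: []string{"vso.code_write"},
 },
 codersdk.EnhancedExternalAuthProviderBitBucketCloud: {
 AuthURL: "https://bitbucket.org/site/oauth2/authorize",
@@ -753,26 +750,30 @@ type jwtConfig struct {
 }
 
 func (c *jwtConfig) AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string {
-return c.Config.AuthCodeURL(state, append(opts, oauth2.SetAuthURLParam("response_type", "Assertion"))...)
+return c.Config.AuthCodeURL(state, append(opts, oauth2.SetAuthURLParam("resource", "499b84ac-1321-427f-aa17-267ca6975798"))...)
 }
 
 func (c *jwtConfig) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
-v := url.Values{
-"client_assertion_type": {},
-"client_assertion": {c.ClientSecret},
-"assertion": {code},
-"grant_type": {},
-}
-if c.RedirectURL != "" {
-v.Set("redirect_uri", c.RedirectURL)
-}
+// v := url.Values{
+// "client_assertion_type": {},
+// "client_assertion": {c.ClientSecret},
+// "assertion": {code},
+// "grant_type": {},
+// }
+// if c.RedirectURL != "" {
+// v.Set("redirect_uri", c.RedirectURL)
+// }
+
 return c.Config.Exchange(ctx, code,
 append(opts,
-oauth2.SetAuthURLParam("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),
-oauth2.SetAuthURLParam("client_assertion", c.ClientSecret),
-oauth2.SetAuthURLParam("assertion", code),
-oauth2.SetAuthURLParam("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"),
-oauth2.SetAuthURLParam("code", ""),
+// oauth2.SetAuthURLParam("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),
+// oauth2.SetAuthURLParam("client_assertion", c.ClientSecret),
+// oauth2.SetAuthURLParam("assertion", code),
+// oauth2.SetAuthURLParam("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"),
+// oauth2.SetAuthURLParam("code", ""),
+oauth2.SetAuthURLParam("client_id", c.ClientID),
+oauth2.SetAuthURLParam("resource", "499b84ac-1321-427f-aa17-267ca6975798"),
+oauth2.SetAuthURLParam("client_secret", c.ClientSecret),
 )...,
 )
 }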
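Review bot: In `jwtConfig.Exchange` the added `oauth2.SetAuthURLParam("client_id", c.ClientID)` and `oauth2.SetAuthURLParam("client_secret", c.ClientSecret)` duplicate client authentication that `c.Config.Exchange` already performs, since golang.org/x/oauth2 attaches the credentials itself according to `Endpoint.AuthStyle`. With the header style, which auto-detection tries first, the secret would be sent in both the Authorization header and the form body, and RFC 6749 section 2.3 says a client must not use more than one authentication method per request. I would drop those two options and, if the Entra token endpoint needs the credentials in the body, set `AuthStyle: oauth2.AuthStyleInParams` on the endpoint where the config is built, which is not visible in this hunk. The resource GUID `499b84ac-1321-427f-aa17-267ca6975798` is repeated in `AuthCodeURL` and `Exchange`; a named constant with a comment stating which resource it identifies would keep the two in sync, and the commented-out assertion code should be deleted before this leaves WIP.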
